Features of Active Directory (AD)
Server 2008 introduces the Read-only domain controller (RODC), which supports only inbound replication and does not support outbound replication. This means it accepts changes made on other domain controllers, but you cannot add or modify objects on it yourself and have those changes reach the other domain controllers.
Server Core is also a new feature in 2008. It is a lightweight version of Server 2008 that is managed and operated only through the command prompt. Fine-grained password policies give the administrator the flexibility to implement multiple lockout and password policies.
Improvements were also made in the auditing of Active Directory modifications and deletions, so you can find out where a modification or deletion was made. Active Directory can now be stopped and started as a service. Before this, if you needed to perform a task such as offline maintenance, you had to restart the AD domain controller. In Server 2008 you can stop Active Directory as a service, perform the task, and start it again without taking the domain controller down, so downtime decreases and availability increases. This does not apply to every task; for some tasks you are still required to stop and restart the domain controller.
A Read-only Domain Controller is a domain controller that accepts replication but cannot be modified; it can only be read. This feature provides extra security, and an RODC can be deployed in a place where security is weaker, such as a remote work location where you cannot provide suitable security.
Fine-grained password policies: before Server 2008, a password or lockout policy could be implemented only once at the domain level. If you wanted a different type of password or lockout policy, you could not have it in the same domain; you had to create a new domain and define the policy there. In 2008 you do not need to create a new domain.
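The following is an added example, not part of the original article, showing two password and lockout policies living side by side in one domain. It assumes the ActiveDirectory PowerShell module (shipped with Windows Server 2008 R2 and later) and a domain functional level of Windows Server 2008 or higher; the policy names, the group "Helpdesk Staff" and the account "jdoe" are hypothetical.

```powershell
Import-Module ActiveDirectory

# Strict policy for privileged accounts. When a user is covered by more
# than one policy, the one with the LOWEST Precedence value wins.
New-ADFineGrainedPasswordPolicy -Name 'PSO-Admins' `
    -Precedence 10 `
    -MinPasswordLength 15 `
    -PasswordHistoryCount 24 `
    -ComplexityEnabled $true `
    -ReversibleEncryptionEnabled $false `
    -MinPasswordAge '1.00:00:00' `
    -MaxPasswordAge '60.00:00:00' `
    -LockoutThreshold 5 `
    -LockoutObservationWindow '00:30:00' `
    -LockoutDuration '00:30:00'

# A second, different policy in the same domain (hypothetical helpdesk tier).
New-ADFineGrainedPasswordPolicy -Name 'PSO-Helpdesk' `
    -Precedence 20 `
    -MinPasswordLength 12 `
    -PasswordHistoryCount 12 `
    -ComplexityEnabled $true `
    -ReversibleEncryptionEnabled $false `
    -MinPasswordAge '1.00:00:00' `
    -MaxPasswordAge '90.00:00:00' `
    -LockoutThreshold 10 `
    -LockoutObservationWindow '00:15:00' `
    -LockoutDuration '00:15:00'

# These policies are linked to users or global security groups, not to OUs.
Add-ADFineGrainedPasswordPolicySubject -Identity 'PSO-Admins'   -Subjects 'Domain Admins'
Add-ADFineGrainedPasswordPolicySubject -Identity 'PSO-Helpdesk' -Subjects 'Helpdesk Staff'

# Review every policy, its precedence and the subjects it applies to.
Get-ADFineGrainedPasswordPolicy -Filter * |
    Sort-Object Precedence |
    Format-Table Name, Precedence, MinPasswordLength, LockoutThreshold, AppliesTo

# Check which policy actually wins for one account. No output means only
# the default domain password policy applies to that user.
Get-ADUserResultantPasswordPolicy -Identity 'jdoe'
```

Accounts that are not covered by any fine-grained policy keep the password and lockout settings of the default domain policy.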
Active Directory Logical Structure
As we already know, Active Directory is a collection of users, groups, services, and resources, and all of these are known as objects. In other words, AD is a centralized database or repository of AD objects. AD is stored on a server in the network, and this server is known as an Active Directory domain controller.
For fault tolerance and redundancy, more than one domain controller may be present in a network. For better organization, AD objects are divided into two categories: container objects and leaf objects. Container objects are objects that can contain other objects; forest, tree, domain, and organizational unit are such containers. Leaf objects, such as users, computers, and printers, cannot contain other objects.
Active Directory Domain
A domain is an area or region in which command and authority are present. In the same way, a Windows Server domain is a logical group of computers that uses and shares a central directory database. The same or different versions of the Microsoft Windows operating system may be installed on those computers, and policies and restrictions can then be implemented on them. A domain is represented as a triangle.
Active Directory Tree
An Active Directory domain tree is a logical grouping of network resources and devices. It is a collection of one or more domains that have a parent-child relationship among them: the first domain created is the parent, also known as the forest root, and all other domains created under it are children. All of them must use the same namespace. For example, if the parent domain is named "Engineer.com", then all child domain names must end in engineer.com, such as sales.engineer.com or accounts.engineer.com. If a child has further domains, their names will be north.sales.engineer.com or south.sales.engineer.com, and so on.
Active Directory Forest
It is the largest container object within Active Directory and a fundamental security boundary within Active Directory. This means a user may be part of any container object and can access resources across an entire Active Directory forest using a single logon/password combination, but if you have a trust relationship, an additional logon would be required to access resources across more than one forest.
A forest is a collection of trees, and trees are collections of domains. Suppose a forest contains one tree (engineer.com) and the network has another tree (abc.com). If the two are combined and belong to the same organization, meaning they are installed in the same forest, then users of both trees can use each other's resources.
Active Directory Organization Unit (OU)
It is regarded as the smallest container object in Active Directory. An OU is a container that represents a logical grouping of resources that have similar security or administrative guidelines. OUs are used for two important purposes: delegation of control and application of security policies. An OU is a container on which we can directly implement Group Policy Objects (GPOs).